I am finally getting back to this issue. Following your instructions gets a generic certificate on the server so that it will do SSL, but you get a certificate error every time you access the page. I have never gotten even close to that using the fragmented bits of information on http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html - but that may be because I have been trying to use a commercial certificate instead of generating a generic one. Thanks for your help with a much clearer set of step-by-step instructions (sequential; the Tomcat docs are more random access).
I already have a GeoTrust certificate for this server, installed on IIS months ago, so theoretically I should be able to apply it to the Tomcat server. I can't get another from them for the same FQDN, anyway, unless it has to be converted to some other format, which I doubt. I followed the instructions on the GeoTrust web site on how to export the certificate from IIS and convert it for Apache, which yielded two files, key.pem and cert.pem. Of course that does not fit into Tomcat, only Apache. Next I followed their instructions (in a completely different part of their web site) for Tomcat, which involve downloading a root cert and an intermediate cert and creating a keystore with those plus the purchased SSL cert. When I install that file the Tomcat server generates a bazillion copies of this error in the catalina log:

SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:407)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:70)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)
Feb 7, 2008 7:24:36 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
WARNING: Reinitializing ServerSocket

I guess I will have to contact the certificate source directly and find out what they forgot to include in the instructions on the web site.
Ultimately we do not want every user to have to fight their way past the bad certificate warning to get in.

Christopher Strauss, Ph.D.
Call Tracking Administration Manager
University of North Texas Computing & IT Center
http://itsm.unt.edu/

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of William H. Will Du Chene
Sent: Thursday, February 07, 2008 11:37 AM
To: arslist@ARSLIST.ORG
Subject: Re: Apache vs IIS

I never said "easy to administer." What I did say was "simple to configure." Obviously, there is some room for interpretation there.

"...how the @()[EMAIL PROTECTED] do you get the damn thing to do SSL.."

Fair question. It deserves a fair answer. Here is a tutorial that took me all of about 20 minutes to put together.

<Tomcat + SSL Tutorial>

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
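Added example, not from either message in the thread: the usual cause of the handshake error quoted in the first message is a keystore with no private key entry, and a keystore assembled with keytool -import from the root, intermediate and purchased cert holds only trustedCertEntry entries because the key exported from IIS (key.pem) never went into it. The script below classifies a keytool -list listing to confirm that, and builds a PKCS12 keystore from key.pem, cert.pem and the CA chain that Tomcat can use with keystoreType="PKCS12"; the chain file name, the alias tomcat and the password handling are assumptions.

```shell
#!/bin/sh
# Added example: why a keystore built only from root + intermediate + purchased
# cert gives "No available certificate or key corresponds to the SSL cipher
# suites which are enabled", and how to build one Tomcat can use. Assumed names:
# key.pem/cert.pem from the IIS export, chain.pem = CA chain, alias "tomcat".

# Count entry types in a `keytool -list` listing read from stdin; returns 0
# only if a private key entry exists. JDK 1.5 prints "keyEntry", JDK 6+ prints
# "PrivateKeyEntry"; anything added with `keytool -import` is a
# "trustedCertEntry", so such a keystore holds no key for JSSE to serve.
classify_listing() {
    keys=0; trusted=0
    while IFS= read -r line; do
        case "$line" in
            *PrivateKeyEntry*|*keyEntry*) keys=$((keys + 1)) ;;
            *trustedCertEntry*)           trusted=$((trusted + 1)) ;;
        esac
    done
    echo "private keys: $keys, trusted certs: $trusted"
    [ "$keys" -gt 0 ]
}

# Inspect a real keystore. usage: check_keystore <file> <storepass> [JKS|PKCS12]
check_keystore() {
    keytool -list -keystore "$1" -storepass "$2" -storetype "${3:-JKS}" \
        | classify_listing
}

# Bundle the IIS-exported private key, the purchased certificate and the CA
# chain into one PKCS12 file. Point Tomcat at it with
#   keystoreFile="<path>.p12" keystoreType="PKCS12" keystorePass="<storepass>"
# usage: build_pkcs12 key.pem cert.pem chain.pem out.p12 <storepass>
build_pkcs12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name tomcat -out "$4" -passout "pass:$5"
}

# Constructed listing of the keystore described in the mail (three imported
# certificates, no key). The fingerprints are placeholders.
SAMPLE_LISTING='Keystore type: jks
root, Feb 7, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
intermediate, Feb 7, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
tomcat, Feb 7, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00'

printf '%s\n' "$SAMPLE_LISTING" | classify_listing \
    || echo "no private key entry: Tomcat has nothing to serve SSL with"
```

Run check_keystore against the file the connector's keystoreFile points at; if it reports zero private keys, the connector has nothing to serve no matter which cipher suites are enabled.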